From: "Adam Szkoda via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Phillip Wood <phillip.wood123@gmail.com>,
Adam Szkoda <adaszko@gmail.com>, Fabian Stelzer <fs@gigacodes.de>,
Adam Szkoda <adaszko@gmail.com>, Adam Szkoda <adaszko@gmail.com>
Subject: [PATCH v3] ssh signing: better error message when key not in agent
Date: Wed, 25 Jan 2023 12:40:50 +0000 [thread overview]
Message-ID: <pull.1270.v3.git.git.1674650450662.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1270.v2.git.git.1674573972087.gitgitgadget@gmail.com>
From: Adam Szkoda <adaszko@gmail.com>
When signing a commit with an SSH key, with the private key missing from
ssh-agent, a confusing error message is produced:

    error: Load key "/var/folders/t5/cscwwl_n3n1_8_5j_00x_3t40000gn/T//.git_signing_key_tmpkArSj7": invalid format?
    fatal: failed to write commit object

The temporary file .git_signing_key_tmpkArSj7 created by git contains a
valid *public* key. The error message comes from `ssh-keygen -Y sign' and
is caused by a fallback mechanism in ssh-keygen whereby it tries to
interpret .git_signing_key_tmpkArSj7 as a *private* key if it can't find it in
the agent [1]. A fix is scheduled to be released in OpenSSH 9.1. All that
needs to be done is to pass an additional backward-compatible option -U to
the 'ssh-keygen -Y sign' call. With '-U', ssh-keygen always interprets the file
as a public key and expects to find the private key in the agent.

As a result, when the private key is missing from the agent, a more accurate
error message gets produced:

    error: Couldn't find key in agent
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3429
Signed-off-by: Adam Szkoda <adaszko@gmail.com>
---
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1270%2Fradicle-dev%2Fmaint-v3
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1270/radicle-dev/maint-v3
Pull-Request: https://github.com/git/git/pull/1270
Range-diff vs v2:
1: 03dfca79387 ! 1: dc7acff3b95 ssh signing: better error message when key not in agent
@@ gpg-interface.c: static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf
if (!key_file)
return error_errno(
@@ gpg-interface.c: static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
- }
-
- strvec_pushl(&signer.args, use_format->program,
-- "-Y", "sign",
-- "-n", "git",
-- "-f", ssh_signing_key_file,
+ "-Y", "sign",
+ "-n", "git",
+ "-f", ssh_signing_key_file,
- buffer_file->filename.buf,
-- NULL);
-+ "-Y", "sign",
-+ "-n", "git",
-+ "-f", ssh_signing_key_file,
-+ NULL);
-+ if (literal_ssh_key) {
+ NULL);
++ if (literal_ssh_key)
+ strvec_push(&signer.args, "-U");
-+ }
+ strvec_push(&signer.args, buffer_file->filename.buf);
sigchain_push(SIGPIPE, SIG_IGN);
gpg-interface.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index f877a1ea564..687236430bf 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -998,6 +998,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
char *ssh_signing_key_file = NULL;
struct strbuf ssh_signature_filename = STRBUF_INIT;
const char *literal_key = NULL;
+ int literal_ssh_key = 0;
if (!signing_key || signing_key[0] == '\0')
return error(
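Review bot: `literal_key`, declared just above as `const char *literal_key = NULL;`, is already set by is_literal_ssh_key() in exactly the case this new flag records, so testing `if (literal_key)` at the ssh-keygen call site would avoid a second variable that tracks the same state. If the separate flag is kept, a one-line comment next to the declaration saying that it controls whether -U is passed would help the next reader.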
@@ -1005,6 +1006,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
if (is_literal_ssh_key(signing_key, &literal_key)) {
/* A literal ssh key */
+ literal_ssh_key = 1;
key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
if (!key_file)
return error_errno(
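Review bot: the flag is only ever raised in this literal-key branch, so when user.signingKey names a key file on disk, -U is still not passed and ssh-keygen keeps its fallback of reading a private key from that path. That asymmetry looks intended, but it is worth a sentence in the commit message, since the message currently reads as if -U is always added. Setting the flag before mks_tempfile_t() is fine because the failure path returns immediately.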
@@ -1039,8 +1041,10 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
"-Y", "sign",
"-n", "git",
"-f", ssh_signing_key_file,
- buffer_file->filename.buf,
NULL);
+ if (literal_ssh_key)
+ strvec_push(&signer.args, "-U");
+ strvec_push(&signer.args, buffer_file->filename.buf);
sigchain_push(SIGPIPE, SIG_IGN);
ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);
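Review bot: the argument ordering is the subtle part of this hunk and is handled correctly: ssh-keygen parses options before the file operand, so `buffer_file->filename.buf` is dropped from the strvec_pushl() and re-added with its own strvec_push() only after the conditional `-U`. Two follow-ups: the patch adds no test, and a case in the ssh signing tests that signs with a literal key while the agent lacks the private key and checks for "Couldn't find key in agent" would pin the new behaviour down (assuming the harness can start an agent); and since `-U` is now split from the other options, a short comment above `if (literal_ssh_key)` explaining that it stops ssh-keygen from parsing the temporary public-key file as a private key would save readers a trip to the commit message.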
base-commit: 844ede312b4e988881b6e27e352f469d8ab80b2a
--
gitgitgadget
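The argument construction described in the commit message, as an added example that is not part of the patch or of git's own sources: a small Python model of how the patched sign_buffer_ssh() assembles the `ssh-keygen -Y sign` command line, covering the file-path form and both literal forms of user.signingKey (the `key::` prefix rule is assumed from git's documented config syntax, not from this patch), so the placement of -U can be checked without an agent or an OpenSSH install.

```python
import os
import tempfile

def is_literal_ssh_key(signing_key):
    """Mirror git's is_literal_ssh_key(): user.signingKey holds a literal
    public key when it carries the "key::" prefix (assumed from git's
    documented syntax; the prefix is stripped) or begins with "ssh-".
    Anything else is treated as a path to a key file. Returns the key
    text, or None for a file path."""
    if signing_key.startswith("key::"):
        return signing_key[len("key::"):]
    if signing_key.startswith("ssh-"):
        return signing_key
    return None

def build_sign_argv(program, signing_key, buffer_file):
    """Assemble the `ssh-keygen -Y sign` command the way the patched code
    does. For a literal key, git writes the public key to a temporary file
    and (after this patch) adds -U, so ssh-keygen never tries to parse
    that file as a private key and instead asks the agent. For a key file
    path, -U is omitted and ssh-keygen keeps its on-disk private key
    fallback. Returns (argv, temp_key_file_or_None)."""
    literal = is_literal_ssh_key(signing_key)
    if literal is None:
        key_file, temp_file = signing_key, None
    else:
        fd, key_file = tempfile.mkstemp(prefix=".git_signing_key_tmp")
        with os.fdopen(fd, "w") as fh:
            fh.write(literal + "\n")
        temp_file = key_file
    argv = [program, "-Y", "sign", "-n", "git", "-f", key_file]
    if temp_file is not None:
        argv.append("-U")          # options must precede the operand
    argv.append(buffer_file)       # the file to sign stays last
    return argv, temp_file

if __name__ == "__main__":
    # Constructed sample values; the key blobs are not real keys.
    for key in ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed",
                "key::ssh-rsa AAAAB3NzaC1yc2E constructed",
                "/home/user/.ssh/id_ed25519"):
        argv, tmp = build_sign_argv("ssh-keygen", key, "/tmp/commit.buf")
        print(" ".join(argv))
        if tmp:
            os.unlink(tmp)
```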